Make the vold changes needed to support specifying aes-256-heh filenames
encryption. The previous mode, aes-256-cts, remains supported as well.
The file /data/unencrypted/mode is updated to have the syntax
contents_encryption_mode[:filenames_encryption_mode] instead of just
contents_encryption_mode. This is consistent with the new fstab syntax.
Bug: 34712722
Change-Id: Ibc236d0ec4fdeda4e4e301f45fb996317692cfa3
bullhead-userdebug with disk encryption enabled and with PIN prompt at
boot can no longer unlock/mount encrypted userdata partition at boot
after updating from bullhead-userdebug prior to the two commits being
reverted here.
This reverts commit 6b7fa1bf17.
This reverts commit bbe31ba776.
Test: Flash bullhead-userdebug build created prior to the above two
commits, enable disk (set PIN to 1234) with PIN required at
boot, reboot, confirm that PIN prompt accepts the PIN, confirm
that device fully boots up and appears operational. Flash build
with this commit without wiping userdata, confirm that PIN
prompt at boot accepts the PIN and device fully boots up and
appears operational.
Bug: 35028230
Change-Id: I1e9303e9d007c0c9a3021c874340156748dff5f5
Cryptfs uses keymaster for key derivation. Vold has a C++ abstraction
for Keymaster. However, cryptfs, being a pure C implementation, uses
its own abstraction of the keymaster HAL.
This patch expresses cryptfs' keymaster abstraction in terms of
vold's C++ Keymaster abstraction, consolidating the code base to a
single point where the actual keymaster HAL is beeing used.
Test: marlin device boots with FBE enabled
Change-Id: Ia51fed5508e06fd6c436cca193791e57e0ab99ea
This was already done internally a while ago, but for us to submit
clang FORTIFY, we need it here, as well.
Bug: 32073964
Test: Clang FORTIFY no longer complains about open calls here.
Change-Id: I72428ac4d3279ffc330ae5aa579960c26703053c
Merged-In: Iaed2538831b19ada26005bbef33cff28209c6512
coldboot is now taken care by ueventd, so removing the duplicate
logic to save boottime.
This CL also fixes a missing lock.
Bug: 33786699
Test: manual
Change-Id: I71270252f3153abc815d142b5da7a9cb85b94dac
The system server requests unmount for appfuse when all opened file on
appfuse are closed. However the kernel sometimes returns EBUSY for
umount2 if it's just after closing all FDs on the mount point. To avoid
the case, specify MNT_DETACH to unmount.
Bug: 33363856
Test: mount and unmount appfuse repeatedly and see if unmount succeed.
Change-Id: I802e1c048357cc445febf3b95341999463a0ec65
By setting property after listeners are initialized
we avoid deadlock between vold and init where
vold is waiting on property_service while init is blocked
(and therefore is not able to accept connections) on vdc
which is attempting to communicate with vold.
(This also speeds up boot by 250ms)
Test: Boot a device, check locks and make sure there is no timeout
on property_set(.)
Test: Successfully boot a device with new property service protocol.
Bug: http://b/34278978
Change-Id: I9547d2f19cb35aa452bf01fbff0eb4b32a4824a4
(cherry picked from commit c976e73bbd)
By setting property after listeners are initialized
we avoid deadlock between vold and init where
vold is waiting on property_service while init is blocked
(and therefore is not able to accept connections) on vdc
which is attempting to communicate with vold.
(This also speeds up boot by 250ms)
Test: Boot a device, check locks and make sure there is no timeout
on property_set(.)
Test: Successfully boot a device with new property service protocol.
Bug: http://b/34278978
Change-Id: I9547d2f19cb35aa452bf01fbff0eb4b32a4824a4
The CL fixes UID check in vold.
Previously appfuse was mounted in application's namespace. For new
public version, we mount appfuse in the system process then passes
opened files to applications.
Bug: 29970149
Test: CTS
Change-Id: Icec2e626d31d978c514eb7d1954bb59ad9556c43
A work around for a kernel bug is needed to avoid the phone locking up
and turning into a hand warmer.
Test: com.android.cts.devicepolicy.ManagedProfileTest#testLockNowWithKeyEviction*
Bug: 31000719
Change-Id: Ia2121b3e3c22b10351296fa998892a91e601bb2c
standard build; make it use only static libraries as per documented
limitations of APCT.
Bug: 33384925
Test: This is a test.
Change-Id: I794adbfa3376795120cfbca1e9322093960009b5
We are investigating replacing make_ext4fs with the upstream tool mke2fs.
See b/23686092 for more informations.
To mitigate the trouble that may arise if the new tool behave differently
compared to the old one, there will be a transition period where both mke2fs
and make_ext4fs will be supported.
This patch does 3 things:
- add the necessary code to use mke2fs to format an ext4 partition;
- add a dependency to the binary used by vold.
Test: m -j32 with TARGET_USES_MKE2FS={,false,true}
TARGET_USERIMAGES_USE_EXT4={,true}
Change-Id: I89222642fe1d11a035155c8224b84b2e3719938b